From: Theo Buehler <tb@theobuehler.org>
Subject: Re: firefox aarch64 pledge crashes
To: Landry Breuil <landry@rhaalovely.net>, ports <ports@openbsd.org>
Date: Mon, 23 Sep 2024 23:02:58 +0200

On Mon, Sep 23, 2024 at 03:01:17PM -0600, Theo de Raadt wrote:
> Does this help?
> 
> Since we are close to release, I'm intentionally making it a seperate
> block, and we can trust the compiler's common-subexpression-elimination
> to clean it up.  If there was a 3rd entry we would  make it a switch().

I tested an equivalent diff. This then runs into the sigills that sthen
posted.

> 
> Index: kern_pledge.c
> ===================================================================
> RCS file: /cvs/src/sys/kern/kern_pledge.c,v
> diff -u -p -u -r1.319 kern_pledge.c
> --- kern_pledge.c	4 Sep 2024 07:45:08 -0000	1.319
> +++ kern_pledge.c	23 Sep 2024 21:00:17 -0000
> @@ -997,6 +997,11 @@ pledge_sysctl(struct proc *p, int miblen
>  	    mib[0] == CTL_MACHDEP && mib[1] == CPU_ID_AA64ISAR0)
>  		return (0);
>  #endif /* CPU_ID_AA64ISAR0 */
> +#ifdef CPU_ID_AA64ISAR1
> +	if (miblen == 2 &&		/* arm64 libcrypto inspects CPU features */
> +	    mib[0] == CTL_MACHDEP && mib[1] == CPU_ID_AA64ISAR1)
> +		return (0);
> +#endif /* CPU_ID_AA64ISAR1 */
>  
>  	snprintf(buf, sizeof(buf), "%s(%d): pledge sysctl %d:",
>  	    p->p_p->ps_comm, p->p_p->ps_pid, miblen);
>